Here the challenge is to execute arbitrary code. Calling alert(1) will not solve this challenge. One example to solve this challenge would be redirecting to a JavaScript URL and calling the alert(1) from there.

For more vectors please visit the XSS cheat sheet

Think you have solved an impossible lab? You are my new hero. Be ready to accept fame and glory, please report your epic accomplishment on twitter or file a new issue on Github.